Options to revoke a key

Ben Finney ben at benfinney.id.au
Mon Oct 27 11:47:06 CET 2003


On 27-Oct-2003, Stefan Nicolin wrote:
> Apparently I also didn't create a revoke certificate (not sure if I
> understand the whole revoking thing here because I'm prompted for the
> passphrase upon revoking the key).

Revoking a key requires access to the key.  Access to the key requires
the passphrase.

This is necessary to prevent someone in possession of your secret key
from revoking it without your permission.

> I still remember fragments of my passphrase. That's why I'm asking
> for advice how to brute force recover it.

Infeasibility of brute-force compromise is a goal behind the algorithms
used to protect the key.  If it were feasible to do so, we'd want to
know about it so that it could be fixed (made infeasible) again.

As far as the software is concerned, someone who has lost their
passphrase is indistinguishable from someone who never knew it.

For this reason, the documentation (and, I believe, the keypair
generation process) recommends creating a revocation certificate *at the
time of the key's creation*, since losing the passphrase is one of the
most common circumstances for wanting to use a revocation certificate.

-- 
 \           "There is no reason anyone would want a computer in their |
  `\          home."  -- Ken Olson, president, chairman and founder of |
_o__)                                    Digital Equipment Corp., 1977 |
Ben Finney <ben at benfinney.id.au>

More information about the Gnupg-users mailing list